To say IPsec is a complex technology is an understatement. ESP versus AH, tunnel mode versus transport, 3DES, AES, MD5, SHA -- there are quite a few pieces to the puzzle. It's taken me a while to get comfortable with IPsec in the Cisco world. Obviously studying for the ISCW furthered my knowledge considerably, but I owe a lot to Steve Friedl's Illustrated Guide to IPsec for laying the first foundations.

The author does an excellent job laying out the framework components and the advantages and drawbacks of varying implementations. Packet headers are illustrated in a very intuitive manner, demonstrating how the encapsulations work together to provide data authentication and encryption. Even if you're already well versed in IPsec theory, the guide provides a happily succinct overview of what can be a very daunting technology.

If you're hungry for more after reading through the guide, check out my notes from the ISCW or the IPsec cheat sheet.